Extracted

• • Target

    800f9ec3e0b17084a4479e88fcc9089418ebd621531d1aee2eefbed5622a69b4.exe

  • Size

    740KB

  • MD5

    c9c012589d85d3610541a5c7377d5ac9

  • SHA1

    bc89c09faa26ca0f12ff6fb08d6f8e4129f1a8cc

  • SHA256

    800f9ec3e0b17084a4479e88fcc9089418ebd621531d1aee2eefbed5622a69b4

  • SHA512

    79e55f17547bdab4cae59606cd9d7c940520d234ef43d4f47b366e2d95f3c55ad5ef3ae254ef7e702bfb774b9e3e9c46b8b7e9e156acb72c01e4de3f2c1c7bf2

  • SSDEEP

    12288:2YRxA4Y5lyA/BxSPCKn8QJFW7Rkw9OknmAhwXc3wx1h2zv6oAXNjQa:RRzn1JKmknmKwXcgB2zv1Al

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2